Firmware Engineer, Minimalist, Improving Runner

Sending Netflix OAuth Requests With Python

Feb 24, 2013

OAuth is an authentication protocol which allows users to grant a third party access to their resources - without sharing their password. Kind of similar to creating a temporary key to your car for someone, a key which can have chosen limitations and be disabled at any time. Great for users. Confusing for newbies like me working with it.

That's because each service can have a different method to "hand-shake" between the user and consumer. In a previous post, I shared a demo which uses the Netflix API. It was my first experience with OAuth and it took me a while to understand all the nuances involved. Here, I'll detail how I sent non-authenticated and authenticated signed requests to Netflix with Python.

Before You Start

Go over the Netflix Authentication Overview. This contains all the required info to make Netflix API requests. It also has useful information on common REST API requests you can send.

Performing A Non-Authenticated Request

The "autocomplete catalog" request searches the Netflix catalog for movies and TV shows which partially match the search string. It's a non-authenticated request and only requires the consumer key and a percent-encoded search string. The format of the request is as follows:

Extracting the Netflix data returned can be done by converting the XML response to an Element Object with the ElementTree library. Once in this tree-format, it can be traversed and parsed with the built-in functions:

While this may look daunting, it's not too bad once broken down. First, decide what Netflix resource you want to access (catalog/people, users/current, etc). In this example, we want more information on a particular title so we use the catalog/titles resource. The base URL thus looks like:

TITLE_URL = 'http://api-public.netflix.com/catalog/titles'

Second, we gather the required OAuth parameters for the Netflix request.

parm - Optional parameter(s) which specify what data is returned. For the catalog titles search, we use the "term" parameter along with the movie or TV show's title to gather the film's details.

consumer_key - Your application's consumer key.

nonce - Random string of characters to distinguish each request from one another.

oauth_method - This is always HMAC-SHA1.

time_stamp - Number of seconds since epoch (Jan 1st, 1970).

oauth_version - This is 1.0 for now.

Although not required for the base string, we'll later need the parameters to be in alphabetical order, so it's easier to keep them in order from the start.

The last piece of data to collect is the signature of the base string. This is calculated by passing your consumer secret and the base string to the HMAC-SHA1 hashing algorithm. Also, the result of the HMAC function needs to be base64 encoded, turning it from an unreadable binary string into readable characters:
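The signing steps described above, as an added example rather than the post's own code: it builds the base string for a catalog/titles search and signs it following RFC 5849 (OAuth 1.0), where the parameters are sorted and percent-encoded and the HMAC key is the consumer secret followed by "&". The function names, credentials, nonce and timestamp are constructed placeholders, and no request is sent.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

TITLE_URL = 'http://api-public.netflix.com/catalog/titles'  # from the post

def pct(value):
    """RFC 5849 percent-encoding: only unreserved characters stay literal."""
    return quote(str(value), safe='-._~')

def base_string(method, url, params):
    """METHOD & encoded URL & encoded list of sorted, encoded key=value pairs."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = '&'.join(f'{k}={v}' for k, v in pairs)
    return '&'.join([method.upper(), pct(url), pct(normalized)])

def sign(base, consumer_secret, token_secret=''):
    """HMAC-SHA1 over the base string, base64-encoded.
    The key is '<consumer secret>&<token secret>'; no token is used here."""
    key = f'{pct(consumer_secret)}&{pct(token_secret)}'.encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def signed_title_url(term, consumer_key, consumer_secret,
                     nonce=None, timestamp=None):
    """Return (url, base_string) for a signed catalog/titles search."""
    params = {
        'term': term,
        'oauth_consumer_key': consumer_key,
        'oauth_nonce': nonce or secrets.token_hex(16),  # unique per request
        'oauth_signature_method': 'HMAC-SHA1',
        'oauth_timestamp': timestamp or int(time.time()),
        'oauth_version': '1.0',
    }
    base = base_string('GET', TITLE_URL, params)
    params['oauth_signature'] = sign(base, consumer_secret)
    query = '&'.join(f'{pct(k)}={pct(v)}' for k, v in sorted(params.items()))
    return f'{TITLE_URL}?{query}', base

if __name__ == '__main__':
    # Constructed placeholder credentials, nonce and timestamp.
    url, base = signed_title_url('Breaking Bad', 'EXAMPLE_KEY', 'EXAMPLE_SECRET',
                                 nonce='abc123', timestamp=1361664000)
    print(base)
    print(url)
```

Because the nonce and timestamp are part of the signed base string, a server that tracks them can reject a replayed request, and changing any parameter after signing invalidates the signature.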

This basic tutorial only scratches the surface of what the Netflix API has available. To see the original code, feel free to fork my Neatflix demo from GitHub. Try the example above or see if you can gather data from another Netflix resource. The sky is the limit on what cool applications you can conjure up.